CN113688405A - Bidirectional authentication hybrid encryption method based on block chain - Google Patents


Publication number: CN113688405A
Authority: CN (China)
Prior art keywords: user, server, transaction, data, account
Legal status (an assumption, not a legal conclusion): Granted
Application number: CN202110771469.5A
Other languages: Chinese (zh)
Other versions: CN113688405B (en)
Inventors: 张源, 李诗雨, 刘鹏飞
Current Assignee (the listed assignees may be inaccurate): University of Electronic Science and Technology of China
Original Assignee: University of Electronic Science and Technology of China
Application filed by: University of Electronic Science and Technology of China
Priority to CN202110771469.5A (patent/CN113688405B/en)
Publication of CN113688405A (patent/CN113688405A/en)
Application granted; publication of CN113688405B (patent/CN113688405B/en)
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The invention discloses a blockchain-based bidirectional authentication hybrid encryption method, comprising the following steps: S1, determining the public parameters of the system, the public/private key pair and blockchain account of the user, and the public/private key pair and blockchain account of the server; S2, the user registers at the server; S3, the user generates a symmetric encryption key for the data to be sent, and encrypts the symmetric encryption key and the data; S4, the user concatenates the ciphertext of the symmetric encryption key and the ciphertext of the data into a bit string and sends an authentication transaction containing the hash value of the bit string to the blockchain account of the server; S5, the user sends the ciphertext of the symmetric encryption key, the ciphertext of the data and the transaction address of the authentication transaction to the server; S6, the server authenticates the identity of the user; S7, the server verifies the integrity of the received ciphertext; and S8, the server decrypts the ciphertext of the data to recover the plaintext of the data. Neither the user nor the server needs to manage the other party's certificate.

Description

Bidirectional authentication hybrid encryption method based on block chain
Technical Field
The invention relates to the technical field of communication, in particular to a bidirectional authentication hybrid encryption method based on a block chain.
Background
Hybrid encryption is widely used in data transmission, allowing both communicating parties to encrypt efficiently without negotiating a key in advance.
Despite these advantages, applying a hybrid encryption mechanism directly in practice still has two problems: first, hybrid encryption does not provide authentication; second, additional mechanisms are needed to secure public key distribution.
To provide authentication and secure public key distribution, certificate-based public key cryptosystems are widely used. Such a cryptosystem relies on a Certificate Authority (CA) to secure public key distribution: the CA binds each user's identity to its public key, issues a certificate to each legitimate user, and certifies the validity of the public key. When users communicate, they authenticate each other by verifying the validity of the other party's certificate.
However, in practice, the user often needs to communicate with a large number of servers, and therefore needs to manage a large number of server certificates, which is a heavy burden for the user. For example, in the current mobile payment environment, a user is only equipped with a mobile device with limited computing and storage capabilities, but needs to perform secure authentication communication with multiple servers to complete payment, and managing the certificates of the servers causes a long time delay at the user end, thereby greatly reducing the user experience.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a bidirectional authentication hybrid encryption method based on a block chain.
The purpose of the invention is achieved by the following technical solution: a blockchain-based bidirectional authentication hybrid encryption method, comprising the following steps:
S1. System initialization: according to the security parameters, determine the public parameters of the system, the public/private key pair and blockchain account of the user, and the public/private key pair and blockchain account of the server;
S2. Registration: the user registers at the server; after successful registration, the server stores the user's blockchain account and the user stores the server's blockchain account;
S3. Data encryption: the user executes a key encapsulation algorithm with the server's public key as input, generating a long random key as the symmetric encryption key for the data to be sent; the user then encrypts the symmetric encryption key with the server's public key and encrypts the data symmetrically with the symmetric encryption key;
S4. Transaction issuing: the user concatenates the ciphertext of the symmetric encryption key and the ciphertext of the data into a bit string, computes the hash value of the bit string, sends an authentication transaction from the user's blockchain account to the server's blockchain account, and embeds the hash value of the bit string in the authentication transaction;
S5. Data sending: the user sends the ciphertext of the symmetric encryption key, the ciphertext of the data and the transaction address of the authentication transaction to the server;
S6. Identity authentication: the server extracts the user's blockchain account from the authentication transaction and authenticates the user's identity according to that account; if identity authentication fails, the server rejects the data;
S7. Data integrity verification: the server extracts the hash value of the bit string from the data field of the authentication transaction and uses it to verify the integrity of the received ciphertext; if integrity verification fails, the server rejects the data;
S8. Data decryption: the server uses its private key to decapsulate the symmetric encryption key, obtaining its plaintext, and then uses the symmetric encryption key to decrypt the ciphertext of the data and recover the plaintext of the data.
Preferably, S2 includes: the user registers at the server by issuing a transaction, the registration transaction, which transfers the registration fee from the user's blockchain account to the server's blockchain account; the server stores the blockchain account of each successfully registered user and issues a transaction, the receipt transaction, which transfers 0 tokens to the user's blockchain account; the user stores the server's blockchain account.
Preferably, S1 includes:
S11. Determine the system's public parameter set $PP = \{p, G, P, h_1, h_2, H, \mathrm{Enc}(\cdot), \mathrm{Dec}(\cdot)\}$ according to the security parameters, where $p$ is a prime, $G$ is a cyclic group of order $p$, $P$ is a generator of the group $G$, and $h_1, h_2, H$ are secure hash functions $h_1, h_2, H: \{0,1\}^* \to Z_p$, with $Z_p$ the ring of integers of prime order $p$; Enc(K, M) denotes encrypting M under the random encryption key K with a chosen secure symmetric encryption algorithm, and Dec(K, C) denotes decrypting C with K;
S12. The user [formula] randomly selects [formula] as the private key of user [formula], and computes user [formula]'s public key [formula]; user [formula]'s blockchain account is [formula];
S13. The server [formula] randomly selects [formula] as the private key of server [formula], and computes server [formula]'s public key [formula]; server [formula]'s blockchain account is [formula].
Preferably, S2 includes:
S21. The user [formula] issues a registration transaction $Tx_{Reg}$ on the blockchain, transferring the registration fee from the user's blockchain account [formula] to server [formula]'s blockchain account [formula]; the registration transaction address is [formula]. In the registration transaction $Tx_{Reg}$, the Data field is Registration, the From field is [formula], the To field is [formula], and the Value field is the amount of the registration fee;
S22. The user [formula] sends the registration transaction address [formula] to the server [formula] and sends a registration request;
S23. The server [formula] locates the transaction according to the received registration transaction address [formula];
S24. The server [formula] determines whether the To field of the registration transaction $Tx_{Reg}$ is [formula], whether the registration fee amount shown in the Value field of $Tx_{Reg}$ meets the requirement, and whether the user [formula] is an unregistered user. If the To field of $Tx_{Reg}$ is [formula], the registration fee shown in the Value field meets the requirement, and the user [formula] is an unregistered user, user [formula]'s registration is considered successful and the server [formula] stores user [formula]'s blockchain account [formula]; otherwise the server [formula] rejects user [formula]'s registration request;
S25. The server [formula] issues a receipt transaction $Tx_{Rec}$ on the blockchain, transferring 0 tokens from server [formula]'s account to user [formula]'s blockchain account [formula]; the receipt transaction address is [formula]. The Data field of the receipt transaction $Tx_{Rec}$ is set to Registered success history;
S26. The server [formula] sends the receipt transaction address [formula] to the user [formula];
S27. The user [formula] locates the transaction according to the receipt transaction address [formula];
S28. The user [formula] determines whether the From field of the receipt transaction $Tx_{Rec}$ is [formula], whether the To field of $Tx_{Rec}$ is [formula], and whether the Data field of $Tx_{Rec}$ is Registered success. If the From field of $Tx_{Rec}$ is [formula], the To field is [formula], and the Data field is Registered success, the registration at server [formula] is considered successful, and the user [formula] stores server [formula]'s blockchain account [formula].
Preferably, S3 includes:
S31. The user [formula] randomly selects a random number $r \in Z_p$, computes the intermediate value [formula], obtains the symmetric encryption key of the data $k = h(y)$, and computes the ciphertext of the symmetric encryption key $k$: [formula];
S32. The user [formula] computes the ciphertext of the data $c' = \mathrm{Enc}(k, m)$, where $m$ is the data to be transmitted.
Preferably, S4 includes: the user [formula] creates an authentication transaction Tx, transferring 0 tokens from the user's blockchain account [formula] to server [formula]'s blockchain account [formula]; the Data field of the authentication transaction is set to the hash value $H(c \| c')$ of the string obtained by concatenating the ciphertext of the symmetric encryption key and the ciphertext of the data, and the transaction address of the authentication transaction is $Add_{Tx}$.
Preferably, S5 includes: the user [formula] sends $\{c, c', Add_{Tx}\}$ to the server [formula].
Preferably, S6 includes:
S61. The server [formula] receives $\{c, c', Add_{Tx}\}$ and locates the authentication transaction Tx on the blockchain according to the transaction address $Add_{Tx}$;
S62. The server [formula] verifies whether the user blockchain account [formula] contained in the From field of the authentication transaction Tx belongs to a registered user; if it does not, the server rejects the data.
Preferably, S7 includes: the server [formula] computes the hash value $H(c \| c')$, extracts the Data field data from the authentication transaction Tx, and verifies the integrity of the data by checking [formula]; if the verification fails, the server [formula] rejects the data.
Preferably, S8 includes: the server [formula] decapsulates the symmetric encryption key of the data by computing the intermediate value [formula] [formula] and the symmetric encryption key $k = h(y)$; the server [formula] decrypts $c'$ with the symmetric encryption key $k$ to recover the plaintext of the data $m$, $m = \mathrm{Dec}(k, c')$.
The beneficial effects of the invention are: by introducing the blockchain, the method achieves bidirectional authentication between the user and the server while retaining efficient encryption, and neither the user nor the server needs to manage the other party's certificate.
Drawings
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a schematic diagram of the registration transaction $Tx_{Reg}$.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive effort based on the embodiments of the present invention, are within the scope of the present invention.
Referring to FIGS. 1-2, the present embodiment provides a blockchain-based bidirectional authentication hybrid encryption method.
As shown in FIG. 1, the blockchain-based bidirectional authentication hybrid encryption method includes:
S1. System initialization: according to the security parameters, determine the public parameters of the system, the public/private key pair and blockchain account of the user, and the public/private key pair and blockchain account of the server.
Specifically, S1 includes:
S11. Determine the system's public parameter set $PP = \{p, G, P, h_1, h_2, H, \mathrm{Enc}(\cdot), \mathrm{Dec}(\cdot)\}$ according to the security parameters, where $p$ is a prime, $G$ is a cyclic group of order $p$, $P$ is a generator of the group $G$, and $h_1, h_2, H$ are secure hash functions $h_1, h_2, H: \{0,1\}^* \to Z_p$, with $Z_p$ the ring of integers of prime order $p$; Enc(K, M) denotes encrypting M under the random encryption key K with a chosen secure symmetric encryption algorithm, whose key length is the security parameter; Dec(K, C) denotes decrypting C with K.
S12. The user [formula] randomly selects [formula] as the private key of user [formula], and computes user [formula]'s public key [formula]; user [formula]'s blockchain account is [formula].
S13. The server [formula] randomly selects [formula] as the private key of server [formula], and computes server [formula]'s public key [formula]; server [formula]'s blockchain account is [formula].
S2. Registration: the user registers at the server; after successful registration, the server stores the user's blockchain account and the user stores the server's blockchain account. For example, S2 includes: the user registers at the server by issuing a transaction, the registration transaction, which transfers the registration fee from the user's blockchain account to the server's blockchain account; the server stores the blockchain account of each successfully registered user and issues a transaction, the receipt transaction, which transfers 0 tokens to the user's blockchain account; the user stores the server's blockchain account.
Specifically, S2 includes:
S21. The user [formula] issues a registration transaction $Tx_{Reg}$ on the blockchain, transferring the registration fee from the user's blockchain account [formula] to server [formula]'s blockchain account [formula]; the registration transaction address is [formula]. In the registration transaction $Tx_{Reg}$, the Data field is Registration, the From field is [formula], the To field is [formula], and the Value field is the amount of the registration fee, as shown in FIG. 2.
S22. The user [formula] sends the registration transaction address [formula] to the server [formula] and sends a registration request.
S23. The server [formula] locates the transaction according to the received registration transaction address [formula].
S24. The server [formula] determines whether the To field of the registration transaction $Tx_{Reg}$ is [formula], whether the registration fee amount shown in the Value field of $Tx_{Reg}$ meets the requirement, and whether the user [formula] is an unregistered user. If the To field of $Tx_{Reg}$ is [formula], the registration fee shown in the Value field meets the requirement, and the user [formula] is an unregistered user, user [formula]'s registration is considered successful and the server [formula] stores user [formula]'s blockchain account [formula]; otherwise the server [formula] rejects user [formula]'s registration request.
That is, the server [formula] verifies the registration transaction $Tx_{Reg}$, specifically: the server [formula] determines whether the To field of $Tx_{Reg}$ is [formula]; the server [formula] determines whether the registration fee amount of $Tx_{Reg}$ meets the requirement; the server [formula] determines whether the user [formula] is an unregistered user. If the verification result is "the To field of $Tx_{Reg}$ is [formula], the Value field of $Tx_{Reg}$ shows that the registration fee amount meets the requirement, and the user [formula] is an unregistered user", user [formula]'s registration is considered successful, and the server [formula] then stores user [formula]'s blockchain account [formula]; otherwise the server [formula] rejects user [formula]'s registration request.
S25. The server [formula] issues a receipt transaction $Tx_{Rec}$ on the blockchain, transferring 0 tokens from server [formula]'s account to user [formula]'s blockchain account [formula]; the receipt transaction address is [formula]. The Data field of the receipt transaction $Tx_{Rec}$ is set to Registered success full.
S26. The server [formula] sends the receipt transaction address [formula] to the user [formula].
S27. The user [formula] locates the transaction according to the receipt transaction address [formula].
S28. The user [formula] determines whether the From field of the receipt transaction $Tx_{Rec}$ is [formula], whether the To field of $Tx_{Rec}$ is [formula], and whether the Data field of $Tx_{Rec}$ is Registered success. If the From field of $Tx_{Rec}$ is [formula], the To field is [formula], and the Data field is Registered success, the registration at server [formula] is considered successful, and the user [formula] stores server [formula]'s blockchain account [formula].
That is, the user [formula] verifies the receipt transaction $Tx_{Rec}$, specifically: the user [formula] determines whether the From field of $Tx_{Rec}$ is [formula]; the user [formula] determines whether the To field of $Tx_{Rec}$ is [formula]; the user [formula] determines whether the Data field of $Tx_{Rec}$ is Registered success. If the verification result is "the From field of $Tx_{Rec}$ is [formula], the To field of $Tx_{Rec}$ is [formula], and the Data field of $Tx_{Rec}$ is Registered success", the registration at server [formula] is considered successful, and the user [formula] then stores server [formula]'s blockchain account [formula].
S3, data encryption: the user uses the public key of the server as input to execute a key encapsulation algorithm, generates a long random key as a symmetric encryption key of data to be sent, then uses the public key of the server to encrypt the symmetric encryption key, and uses the symmetric encryption key to symmetrically encrypt the data.
Specifically, S3 includes:
S31. The user [formula] randomly selects a random number $r \in Z_p$, computes the intermediate value [formula], obtains the symmetric encryption key of the data $k = h(y)$, and computes the ciphertext of the symmetric encryption key $k$: [formula].
S32. The user [formula] computes the ciphertext of the data $c' = \mathrm{Enc}(k, m)$, where $m$ is the data to be transmitted.
S4. Transaction issuing: the user concatenates the ciphertext of the symmetric encryption key and the ciphertext of the data into a bit string, computes the hash value of the bit string, sends an authentication transaction from the user's blockchain account to the server's blockchain account, and embeds the hash value of the bit string in the authentication transaction.
Specifically, S4 includes: the user [formula] creates an authentication transaction Tx, transferring 0 tokens from the user's blockchain account [formula] to server [formula]'s blockchain account [formula]; the Data field of the authentication transaction is set to the hash value $H(c \| c')$ of the string obtained by concatenating the ciphertext of the symmetric encryption key and the ciphertext of the data, and the transaction address of the authentication transaction is $Add_{Tx}$.
S5. Data sending: the user sends the ciphertext of the symmetric encryption key, the ciphertext of the data and the transaction address of the authentication transaction to the server.
Specifically, S5 includes: the user [formula] sends $\{c, c', Add_{Tx}\}$ to the server [formula].
S6. Identity authentication: the server extracts the user's blockchain account from the authentication transaction and authenticates the user's identity according to that account; if identity authentication fails, the server rejects the data.
Specifically, S6 includes:
S61. The server [formula] receives $\{c, c', Add_{Tx}\}$ and locates the authentication transaction Tx on the blockchain according to the transaction address $Add_{Tx}$.
S62. The server [formula] verifies whether the user blockchain account [formula] contained in the From field of the authentication transaction Tx belongs to a registered user; if it does not, the server rejects the data.
S7. Data integrity verification: the server extracts the hash value of the bit string from the data field of the authentication transaction and uses it to verify the integrity of the received ciphertext; if integrity verification fails, the server rejects the data.
Specifically, S7 includes: the server [formula] computes the hash value $H(c \| c')$, extracts the Data field data from the authentication transaction Tx, and verifies the integrity of the data by checking [formula]; if the verification fails, the server [formula] rejects the data.
S8. Data decryption: the server uses its private key to decapsulate the symmetric encryption key, obtaining its plaintext, and then uses the symmetric encryption key to decrypt the ciphertext of the data and recover the plaintext of the data.
Specifically, S8 includes: the server [formula] decapsulates the symmetric encryption key of the data by computing the intermediate value [formula] [formula] and the symmetric encryption key $k = h(y)$; the server [formula] decrypts $c'$ with the symmetric encryption key $k$ to recover the plaintext of the data $m$, $m = \mathrm{Dec}(k, c')$.
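Steps S3 to S8 run end to end against a mock ledger, as an added example that is not code from the patent: it shows the server rejecting an unregistered sender (S62) and a modified ciphertext (S7) before it decrypts. Assumptions, because the page's formulas for them are missing: a hashed-ElGamal-style key encapsulation over a toy prime modulus, a SHA-256 keystream standing in for Enc/Dec, an account address derived by hashing the public key, the `Ledger` class, all function names, and the extra check on the To field.

```python
"""Mock run of steps S3-S8 (constructed demo values; toy parameters, not secure)."""
import hashlib
import hmac
import secrets

# Assumed stand-ins: the page's formulas for the KEM and the account are missing.
P = 2**127 - 1   # toy prime modulus, far too small for real use
G = 3            # assumed base element
CLEN = 16        # fixed byte length of c, so c || c' splits unambiguously


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)


def account_of(pk: int) -> str:
    # Assumption: account address = truncated hash of the public key.
    return H(pk.to_bytes(CLEN, "big"))[:20].hex()


def stream_xor(k: bytes, data: bytes) -> bytes:
    # Toy Enc/Dec stand-in (SHA-256 counter keystream); use an AEAD in practice.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = H(k + (i // 32).to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class Ledger:
    """Mock chain: address -> transaction. A real chain also checks that the
    From account signed the transaction; this mock trusts the caller."""

    def __init__(self):
        self.txs = {}

    def publish(self, sender: str, to: str, value: int, data: bytes) -> str:
        addr = secrets.token_hex(16)
        self.txs[addr] = {"From": sender, "To": to, "Value": value, "Data": data}
        return addr


def user_send(ledger, user_account, server_pk, m: bytes):
    r = secrets.randbelow(P - 2) + 1                    # S31: random r
    c = pow(G, r, P).to_bytes(CLEN, "big")              # ciphertext of the key
    k = H(pow(server_pk, r, P).to_bytes(CLEN, "big"))   # key = hash(intermediate)
    c_prime = stream_xor(k, m)                          # S32: c' = Enc(k, m)
    add_tx = ledger.publish(user_account, account_of(server_pk), 0,
                            H(c + c_prime))             # S4: Data = H(c || c')
    return c, c_prime, add_tx                           # S5


def server_receive(ledger, registered, server_sk, c, c_prime, add_tx):
    """Return (True, plaintext) on success or (False, reason) on rejection."""
    tx = ledger.txs.get(add_tx)                         # S61: locate Tx
    if tx is None:
        return False, "unknown transaction"
    if tx["From"] not in registered:                    # S62: registered user?
        return False, "identity"
    if tx["To"] != account_of(pow(G, server_sk, P)):    # added check (assumption)
        return False, "wrong recipient"
    if len(c) != CLEN or not hmac.compare_digest(tx["Data"], H(c + c_prime)):
        return False, "integrity"                       # S7
    shared = pow(int.from_bytes(c, "big"), server_sk, P)
    k = H(shared.to_bytes(CLEN, "big"))                 # S8: decapsulate
    return True, stream_xor(k, c_prime)                 # S8: m = Dec(k, c')


if __name__ == "__main__":
    ledger = Ledger()
    u_sk, u_pk = keygen()
    s_sk, s_pk = keygen()
    registered = {account_of(u_pk)}                     # outcome of S2, abbreviated
    c, c2, addr = user_send(ledger, account_of(u_pk), s_pk, b"constructed order")
    print(server_receive(ledger, registered, s_sk, c, c2, addr))
    tampered = bytes([c2[0] ^ 1]) + c2[1:]
    print(server_receive(ledger, registered, s_sk, c, tampered, addr))
```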
By introducing the blockchain, the method of the invention achieves bidirectional authentication between the user and the server while retaining efficient encryption, and neither the user nor the server needs to manage the other party's certificate. Specifically, a key encapsulation algorithm built on a public key encryption mechanism generates the symmetric encryption key for the data to be sent and encrypts that key under the public key, so the two parties do not need to negotiate a key in advance. Because the data to be sent is long compared with the key, it is encrypted symmetrically, which achieves efficient encryption of the data. The method of the invention therefore achieves efficient encryption without the two communicating parties negotiating a key in advance.
In addition, the method uses the public/private key pair of the blockchain account as the user's public/private key pair. The user's public key determines a unique account address, and the user's account address has a fixed one-to-one relationship with the user's identity. Because of the security of the blockchain, other users who do not know the user's private key cannot impersonate the target user to issue a transaction. When the user sends data, the user makes a transfer to the receiver's account and embeds in the transaction the hash value of the ciphertext of the symmetric encryption key and the ciphertext of the data, so that the identity authentication of the sender to the receiver is realized; the receiver completes the identity authentication of the sender by verifying the account address contained in the transaction. The method of the invention therefore achieves mutual authentication of both communicating parties without certificate management.
The foregoing is illustrative of the preferred embodiments of this invention, and it is to be understood that the invention is not limited to the precise form disclosed herein and that various other combinations, modifications, and environments may be resorted to, falling within the scope of the concept as disclosed herein, either as described above or as apparent to those skilled in the relevant art. And that modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A bidirectional authentication hybrid encryption method based on a blockchain, characterized by comprising the following steps:
S1. system initialization: determining, according to the security parameters, the public parameters of the system, the public and private keys and blockchain account of the user, and the public and private keys and blockchain account of the server;
S2. registration: the user registers with the server; after the user registers successfully, the server stores the user's blockchain account and the user stores the server's blockchain account;
S3. data encryption: the user executes a key encapsulation algorithm with the server's public key as input, generating a long random key as the symmetric encryption key of the data to be sent, then encrypts the symmetric encryption key with the server's public key and symmetrically encrypts the data with the symmetric encryption key;
S4. transaction issuing: the user concatenates the ciphertext of the symmetric encryption key and the ciphertext of the data into a bit string, computes the hash value of the bit string, sends an authentication transaction from the user's blockchain account to the server's blockchain account, and integrates the hash value of the bit string into the authentication transaction;
S5. data sending: the user sends the ciphertext of the symmetric encryption key, the ciphertext of the data and the transaction address of the authentication transaction to the server;
S6. identity authentication: the server extracts the user's blockchain account from the authentication transaction and authenticates the user's identity according to that account; if the identity authentication fails, the server rejects the data;
S7. data integrity verification: the server extracts the hash value of the bit string from the data field of the authentication transaction and verifies the integrity of the received ciphertext against it; if the integrity verification fails, the server rejects the data;
S8. data decryption: the server decapsulates the symmetric encryption key with its private key to obtain the plaintext of the symmetric encryption key, and then decrypts the ciphertext of the data with the symmetric encryption key to recover the plaintext of the data.
2. The method according to claim 1, wherein S2 comprises: the user registers with the server by issuing a transaction as a registration transaction that transfers the registration fee from the user's blockchain account to the server's blockchain account; the server stores the blockchain account of the successfully registered user and issues a transaction as a receipt transaction that transfers 0 tokens to the user's blockchain account; and the user stores the server's blockchain account.
3. The method according to claim 1, wherein S1 comprises:
S11. determining the public parameter set $PP = \{p, G, P, h_1, h_2, H, Enc(\cdot), Dec(\cdot)\}$ of the system according to the security parameters, where $p$ is a prime number, $G$ is a cyclic group of order $p$, $P$ is the generator of group $G$, $h_1$, $h_2$ and $H$ are secure hash functions $h_1, h_2, H: \{0,1\}^* \to Z_p$, $Z_p$ is the integer ring whose order is the prime $p$, $Enc(K, M)$ denotes encrypting $M$ with the selected secure symmetric encryption algorithm using $K$ as the random encryption key, and $Dec(K, C)$ denotes decrypting $C$ using $K$;
S12. the user [formula image] randomly selects [formula image] as the private key of user [formula image] and computes user [formula image]'s public key [formula image]; the blockchain account of user [formula image] is [formula image];
S13. the server [formula image] randomly selects [formula image] as the private key of server [formula image] and computes server [formula image]'s public key [formula image]; the blockchain account of server [formula image] is [formula image].
4. The bidirectional authentication hybrid encryption method based on the blockchain as claimed in claim 3, wherein S2 comprises:
S21. the user [formula image] issues a registration transaction $Tx_{Reg}$ on the blockchain, transferring the registration fee from the user's blockchain account [formula image] to the blockchain account [formula image] of the server [formula image]; the registration transaction address is [formula image]; in the registration transaction $Tx_{Reg}$, the Data field is Registration, the From field is [formula image], the To field is [formula image], and the Value field is the amount of the registration fee;
S22. the user [formula image] sends the registration transaction address [formula image] to the server [formula image] and sends a registration request;
S23. the server [formula image] locates the transaction according to the received registration transaction address [formula image];
S24. the server [formula image] determines whether the To field of the registration transaction $Tx_{Reg}$ is [formula image], whether the registration fee amount shown in the Value field of $Tx_{Reg}$ meets the requirement, and whether the user [formula image] is a non-registered user; if the To field of $Tx_{Reg}$ is [formula image], the registration fee shown in the Value field meets the requirement, and the user [formula image] is a non-registered user, the user [formula image] is considered successfully registered and the server [formula image] stores the blockchain account [formula image] of the user [formula image]; otherwise the server [formula image] rejects the registration request of the user [formula image];
S25. the server [formula image] issues a receipt transaction $Tx_{Rec}$ on the blockchain, transferring 0 tokens from the account of the server [formula image] to the blockchain account [formula image] of the user [formula image]; the receipt transaction address is [formula image]; the Data field of the receipt transaction $Tx_{Rec}$ is set to Registered success history;
S26. the server [formula image] sends the receipt transaction address [formula image] to the user [formula image];
S27. the user [formula image] locates the transaction according to the receipt transaction address [formula image];
S28. the user [formula image] determines whether the From field of the receipt transaction $Tx_{Rec}$ is [formula image], whether the To field of $Tx_{Rec}$ is [formula image], and whether the Data field of $Tx_{Rec}$ is Registered success; if the From field of $Tx_{Rec}$ is [formula image], the To field is $Add_u$, and the Data field is Registered success, registration with the server [formula image] is considered successful, and the user [formula image] stores the blockchain account [formula image] of the server [formula image].
5. The method according to claim 4, wherein S3 comprises:
S31. the user [formula image] randomly selects a random number $r \in Z_p$, computes the intermediate number [formula image], obtains the symmetric encryption key $k = h(y)$ of the data, and computes the ciphertext [formula image] of the symmetric encryption key $k$;
S32. the user [formula image] computes the ciphertext $c = Enc(k, m)$ of the data, where $m$ is the data to be transmitted.
6. The blockchain-based bidirectional authentication hybrid encryption method according to claim 5, wherein S4 comprises: the user [formula image] creates an authentication transaction Tx, transferring 0 tokens from the user's blockchain account [formula image] to the blockchain account [formula image] of the server [formula image]; the Data field of the authentication transaction is set to the hash value $H(c \| c')$ of the string obtained by concatenating the ciphertext of the symmetric encryption key and the ciphertext of the data, and the transaction address of the authentication transaction is $Add_{Tx}$.
7. The method according to claim 6, wherein S5 comprises: the user [formula image] sends $\{c, c', Add_{Tx}\}$ to the server [formula image].
8. The method according to claim 7, wherein S6 comprises:
S61. the server [formula image], after receiving $\{c, c', Add_{Tx}\}$, locates the authentication transaction Tx on the blockchain according to the transaction address $Add_{Tx}$;
S62. the server [formula image] verifies whether the user's blockchain account [formula image] contained in the From field of the authentication transaction Tx belongs to a registered user; if the user is not a registered user, the server rejects the data.
9. The blockchain-based bidirectional authentication hybrid encryption method according to claim 8, wherein S7 comprises: the server [formula image] computes the hash value $H(c \| c')$, extracts the Data field data from the authentication transaction Tx, and verifies the integrity of the data by checking [formula image]; if the verification fails, the server [formula image] rejects the data.
10. The method according to claim 9, wherein S8 comprises: the server [formula image] decapsulates the symmetric encryption key of the data by computing the intermediate number [formula image] [formula image] and the symmetric encryption key $k = h(y)$; the server [formula image] then decrypts $c'$ using the symmetric encryption key $k$ to recover the plaintext of the data $m$: $m = Dec(k, c')$.
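The S3 to S8 flow of claim 1, as an added Python sketch that is not part of the patent, showing how the on-chain hash binds the two ciphertexts and how the server's checks fail closed. Assumptions: a constructed toy Schnorr group, an ElGamal-style encapsulation in place of the formulas that survive only as images, a SHA-256 keystream XOR standing in for Enc/Dec, a hypothetical in-memory `Ledger` standing in for the blockchain, and an account address derived by hashing the public key.

```python
import hashlib, hmac, secrets

# Constructed toy Schnorr group, far too small for real use: q = 2p + 1 and
# P = 4 generates the subgroup G of prime order p.
q, p, P = 2039, 1019, 4

def H(*parts: bytes) -> bytes:
    """Hash of the concatenation of parts, e.g. H(c, c_prime) = H(c || c')."""
    return hashlib.sha256(b"".join(parts)).digest()

def enc_int(x: int) -> bytes:
    return x.to_bytes(2, "big")          # every group element is below 2^16

def keygen():
    sk = secrets.randbelow(p - 1) + 1    # private key in [1, p-1]
    return sk, pow(P, sk, q)             # public key = P^sk mod q

def account(pk: int) -> str:
    # Assumption: the account address is a truncated hash of the public key.
    return H(enc_int(pk)).hex()[:40]

def sym(k: bytes, data: bytes) -> bytes:
    # Stand-in for Enc/Dec: XOR with a SHA-256 counter keystream (own inverse).
    blocks = (H(k, i.to_bytes(8, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

class Ledger:
    """Hypothetical in-memory chain; publish() stands in for a signed transaction."""
    def __init__(self):
        self.txs = {}
    def publish(self, frm: str, to: str, data: bytes) -> str:
        addr = secrets.token_hex(16)
        self.txs[addr] = {"From": frm, "To": to, "Value": 0, "Data": data}
        return addr

def user_send(ledger, user_sk, server_pk, m: bytes):
    r = secrets.randbelow(p - 1) + 1
    k = H(enc_int(pow(server_pk, r, q)))        # S3: k = h(y), y = pk_s^r
    c = enc_int(pow(P, r, q))                   # S3: ciphertext of the key
    c_prime = sym(k, m)                         # S3: ciphertext of the data
    frm = account(pow(P, user_sk, q))           # only the key holder can send
    add_tx = ledger.publish(frm, account(server_pk), H(c, c_prime))  # S4
    return c, c_prime, add_tx                   # S5

def server_receive(ledger, server_sk, registered, c, c_prime, add_tx) -> bytes:
    tx = ledger.txs.get(add_tx)
    if tx is None or tx["From"] not in registered:          # S6
        raise PermissionError("sender is not a registered account")
    if not hmac.compare_digest(tx["Data"], H(c, c_prime)):  # S7
        raise ValueError("ciphertext does not match the on-chain hash")
    y = pow(int.from_bytes(c, "big"), server_sk, q)         # S8: y = c^sk_s
    return sym(H(enc_int(y)), c_prime)

if __name__ == "__main__":
    ledger = Ledger()
    u_sk, u_pk = keygen()
    s_sk, s_pk = keygen()
    c, c_prime, add_tx = user_send(ledger, u_sk, s_pk, b"constructed sample data")
    print(server_receive(ledger, s_sk, {account(u_pk)}, c, c_prime, add_tx))
```
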

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110771469.5A CN113688405B (en) 2021-07-08 2021-07-08 Bidirectional authentication hybrid encryption method based on blockchain

Publications (2)

Publication Number Publication Date
CN113688405A true CN113688405A (en) 2021-11-23
CN113688405B CN113688405B (en) 2023-05-26

Family

ID=78576780

Country Status (1)

Country Link
CN (1) CN113688405B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant